df746d59666a1ec1edc8a079770e49987efeebe1103058ef8a7fce871d23f51e

Analysis

max time kernel
150s
max time network
117s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
01/05/2024, 04:12

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

df746d59666a1ec1edc8a079770e49987efeebe1103058ef8a7fce871d23f51e.exe
Size

119KB
MD5

220b8a1c62aa1f046189b598d98cc0b7
SHA1

c433e04e39e736ececfdfd95a7d48d787f54e1d8
SHA256

df746d59666a1ec1edc8a079770e49987efeebe1103058ef8a7fce871d23f51e
SHA512

8e3e8353f8c7e7e19a67fc68dd900598d26f3b3b65903c20926c307597a04b25baf7ef871d1a30c00a64fd1597d2adeeba1407943d5156bf1b27bea4380404e6
SSDEEP

1536:67Zf/FAlsM1++PJHJXFAIuZAIuekc9zBfA1OjBWgOI3uicwa+shcBEN2iqxtdSC5:+nymCAIuZAIuYSMjoqtMHfhfQ

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3466) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX dump on OEP (original entry point) 4 IoCs

resource	yara_rule
behavioral1/memory/384-0-0x0000000000400000-0x000000000040B000-memory.dmp	UPX
behavioral1/files/0x000c000000015cce-2.dat	UPX
behavioral1/files/0x00030000000104b4-6.dat	UPX
behavioral1/memory/384-658-0x0000000000400000-0x000000000040B000-memory.dmp	UPX

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/384-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000c000000015cce-2.dat	upx
behavioral1/files/0x00030000000104b4-6.dat	upx
behavioral1/memory/384-658-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\de-DE\js\calendar.js.tmp	df746d59666a1ec1edc8a079770e49987efeebe1103058ef8a7fce871d23f51e.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\system_h.png.tmp	df746d59666a1ec1edc8a079770e49987efeebe1103058ef8a7fce871d23f51e.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\rssBackBlue_Undocked.png.tmp	df746d59666a1ec1edc8a079770e49987efeebe1103058ef8a7fce871d23f51e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.htm.tmp	df746d59666a1ec1edc8a079770e49987efeebe1103058ef8a7fce871d23f51e.exe
File created	C:\Program Files\Common Files\System\ado\msadox.dll.tmp	df746d59666a1ec1edc8a079770e49987efeebe1103058ef8a7fce871d23f51e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp_5.5.0.165303\feature.xml.tmp	df746d59666a1ec1edc8a079770e49987efeebe1103058ef8a7fce871d23f51e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.el_2.2.0.v201303151357.jar.tmp	df746d59666a1ec1edc8a079770e49987efeebe1103058ef8a7fce871d23f51e.exe
File created	C:\Program Files\Java\jre7\bin\ssvagent.exe.tmp	df746d59666a1ec1edc8a079770e49987efeebe1103058ef8a7fce871d23f51e.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\17.png.tmp	df746d59666a1ec1edc8a079770e49987efeebe1103058ef8a7fce871d23f51e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-api-progress.xml.tmp	df746d59666a1ec1edc8a079770e49987efeebe1103058ef8a7fce871d23f51e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\IPSEventLogMsg.dll.mui.tmp	df746d59666a1ec1edc8a079770e49987efeebe1103058ef8a7fce871d23f51e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPWMI.DLL.tmp	df746d59666a1ec1edc8a079770e49987efeebe1103058ef8a7fce871d23f51e.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sv.pak.tmp	df746d59666a1ec1edc8a079770e49987efeebe1103058ef8a7fce871d23f51e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\decora-sse.dll.tmp	df746d59666a1ec1edc8a079770e49987efeebe1103058ef8a7fce871d23f51e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Bougainville.tmp	df746d59666a1ec1edc8a079770e49987efeebe1103058ef8a7fce871d23f51e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kabul.tmp	df746d59666a1ec1edc8a079770e49987efeebe1103058ef8a7fce871d23f51e.exe
File created	C:\Program Files\Windows Journal\ja-JP\jnwdui.dll.mui.tmp	df746d59666a1ec1edc8a079770e49987efeebe1103058ef8a7fce871d23f51e.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\settings.html.tmp	df746d59666a1ec1edc8a079770e49987efeebe1103058ef8a7fce871d23f51e.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\ja-JP\js\calendar.js.tmp	df746d59666a1ec1edc8a079770e49987efeebe1103058ef8a7fce871d23f51e.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\navBack.png.tmp	df746d59666a1ec1edc8a079770e49987efeebe1103058ef8a7fce871d23f51e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Dotted_Lines.emf.tmp	df746d59666a1ec1edc8a079770e49987efeebe1103058ef8a7fce871d23f51e.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\curtains.png.tmp	df746d59666a1ec1edc8a079770e49987efeebe1103058ef8a7fce871d23f51e.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\15x15dot.png.tmp	df746d59666a1ec1edc8a079770e49987efeebe1103058ef8a7fce871d23f51e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\about.html.tmp	df746d59666a1ec1edc8a079770e49987efeebe1103058ef8a7fce871d23f51e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director.app.nl_ja_4.4.0.v20140623020002.jar.tmp	df746d59666a1ec1edc8a079770e49987efeebe1103058ef8a7fce871d23f51e.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ta\LC_MESSAGES\vlc.mo.tmp	df746d59666a1ec1edc8a079770e49987efeebe1103058ef8a7fce871d23f51e.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-icons_222222_256x240.png.tmp	df746d59666a1ec1edc8a079770e49987efeebe1103058ef8a7fce871d23f51e.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_record_plugin.dll.tmp	df746d59666a1ec1edc8a079770e49987efeebe1103058ef8a7fce871d23f51e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee100.tlb.tmp	df746d59666a1ec1edc8a079770e49987efeebe1103058ef8a7fce871d23f51e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\dt.jar.tmp	df746d59666a1ec1edc8a079770e49987efeebe1103058ef8a7fce871d23f51e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-execution.jar.tmp	df746d59666a1ec1edc8a079770e49987efeebe1103058ef8a7fce871d23f51e.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Abidjan.tmp	df746d59666a1ec1edc8a079770e49987efeebe1103058ef8a7fce871d23f51e.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Thimphu.tmp	df746d59666a1ec1edc8a079770e49987efeebe1103058ef8a7fce871d23f51e.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\Tulip.jpg.tmp	df746d59666a1ec1edc8a079770e49987efeebe1103058ef8a7fce871d23f51e.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\36.png.tmp	df746d59666a1ec1edc8a079770e49987efeebe1103058ef8a7fce871d23f51e.exe
File created	C:\Program Files\Microsoft Games\Solitaire\fr-FR\Solitaire.exe.mui.tmp	df746d59666a1ec1edc8a079770e49987efeebe1103058ef8a7fce871d23f51e.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_highlight-soft_75_ffe45c_1x100.png.tmp	df746d59666a1ec1edc8a079770e49987efeebe1103058ef8a7fce871d23f51e.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\custom.lua.tmp	df746d59666a1ec1edc8a079770e49987efeebe1103058ef8a7fce871d23f51e.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToScenesBackground.wmv.tmp	df746d59666a1ec1edc8a079770e49987efeebe1103058ef8a7fce871d23f51e.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationRight_SelectionSubpicture.png.tmp	df746d59666a1ec1edc8a079770e49987efeebe1103058ef8a7fce871d23f51e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\LINEAR_RGB.pf.tmp	df746d59666a1ec1edc8a079770e49987efeebe1103058ef8a7fce871d23f51e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Pago_Pago.tmp	df746d59666a1ec1edc8a079770e49987efeebe1103058ef8a7fce871d23f51e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-heapdump.xml.tmp	df746d59666a1ec1edc8a079770e49987efeebe1103058ef8a7fce871d23f51e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\ffjcext.zip.tmp	df746d59666a1ec1edc8a079770e49987efeebe1103058ef8a7fce871d23f51e.exe
File created	C:\Program Files\Windows Mail\fr-FR\WinMail.exe.mui.tmp	df746d59666a1ec1edc8a079770e49987efeebe1103058ef8a7fce871d23f51e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Khandyga.tmp	df746d59666a1ec1edc8a079770e49987efeebe1103058ef8a7fce871d23f51e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\license.html.tmp	df746d59666a1ec1edc8a079770e49987efeebe1103058ef8a7fce871d23f51e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-output2.xml.tmp	df746d59666a1ec1edc8a079770e49987efeebe1103058ef8a7fce871d23f51e.exe
File created	C:\Program Files\Microsoft Games\Purble Place\PurblePlaceMCE.lnk.tmp	df746d59666a1ec1edc8a079770e49987efeebe1103058ef8a7fce871d23f51e.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Entity.dll.tmp	df746d59666a1ec1edc8a079770e49987efeebe1103058ef8a7fce871d23f51e.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libspdif_plugin.dll.tmp	df746d59666a1ec1edc8a079770e49987efeebe1103058ef8a7fce871d23f51e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe.tmp	df746d59666a1ec1edc8a079770e49987efeebe1103058ef8a7fce871d23f51e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Efate.tmp	df746d59666a1ec1edc8a079770e49987efeebe1103058ef8a7fce871d23f51e.exe
File created	C:\Program Files\Microsoft Games\Solitaire\de-DE\Solitaire.exe.mui.tmp	df746d59666a1ec1edc8a079770e49987efeebe1103058ef8a7fce871d23f51e.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_highlight-soft_100_eeeeee_1x100.png.tmp	df746d59666a1ec1edc8a079770e49987efeebe1103058ef8a7fce871d23f51e.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\offset_window.html.tmp	df746d59666a1ec1edc8a079770e49987efeebe1103058ef8a7fce871d23f51e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\ShapeCollector.exe.mui.tmp	df746d59666a1ec1edc8a079770e49987efeebe1103058ef8a7fce871d23f51e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\TipRes.dll.mui.tmp	df746d59666a1ec1edc8a079770e49987efeebe1103058ef8a7fce871d23f51e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Majuro.tmp	df746d59666a1ec1edc8a079770e49987efeebe1103058ef8a7fce871d23f51e.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_sv.properties.tmp	df746d59666a1ec1edc8a079770e49987efeebe1103058ef8a7fce871d23f51e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-profiling.xml.tmp	df746d59666a1ec1edc8a079770e49987efeebe1103058ef8a7fce871d23f51e.exe
File created	C:\Program Files\7-Zip\Lang\sq.txt.tmp	df746d59666a1ec1edc8a079770e49987efeebe1103058ef8a7fce871d23f51e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\1423861261279.profile.gz.tmp	df746d59666a1ec1edc8a079770e49987efeebe1103058ef8a7fce871d23f51e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler.xml.tmp	df746d59666a1ec1edc8a079770e49987efeebe1103058ef8a7fce871d23f51e.exe

C:\Users\Admin\AppData\Local\Temp\df746d59666a1ec1edc8a079770e49987efeebe1103058ef8a7fce871d23f51e.exe
"C:\Users\Admin\AppData\Local\Temp\df746d59666a1ec1edc8a079770e49987efeebe1103058ef8a7fce871d23f51e.exe"
1⤵
- Drops file in Program Files directory
PID:384

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2248906074-2862704502-246302768-1000\desktop.ini.tmp

Filesize
119KB

MD5
b3c5ed851d16263f3a32b017d88a98dc

SHA1
6c0a41038eeb25e6698c57a685df4c9472a9835b

SHA256
81e8009228598b0c6f0a05b273b5882d4af3528364d53d7008f9dafea8d056d3

SHA512
385c489ea22dcc9642797356fc96a15e531dae96895109421dd69ea9938803ce5cbeafcd18636bc2db63e2e3dff716f51602b78a31e19bba91a65ca0114ff7d6

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
128KB

MD5
d9d090264b90178b53fc4ce774661719

SHA1
93360bcb12c3871338f462db1ec653dad5c51af5

SHA256
4e014a52f333d36c2626bc1c59575a88336b942614ca4d40e319686206b339c0

SHA512
009eb7e79ec22f5e5bf05ee9790f2b9d942260dc6cc379c6f89923634e86d8429a83781f61f87cbed6dd5a14fd53859b46da51142177f7ca223c491f2035982e

Download Submit
memory/384-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/384-658-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download